Overview

overview

9

Static

static

7

b6c7215db4...11.exe

windows7-x64

9

b6c7215db4...11.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    b6c7215db4bbed679898f514c3556d72d21fd510ba68021150a0450a11645d11

  • Size

    6.7MB

  • Sample

    240310-q9wwbseb71

  • MD5

    39229076e5ac88365d2e8d99afa20bfe

  • SHA1

    b5438ca7b2fc1e50fa1c07c5c665c26865253416

  • SHA256

    b6c7215db4bbed679898f514c3556d72d21fd510ba68021150a0450a11645d11

  • SHA512

    1ceea0c6f885ec8904ce4fc677d0cc5f3a81cad0adf48544cd688bf846761b087a6c8e147304f046cccaf48b19bdd366871f054c26d16e7704c0eb2ec0e093d4

  • SSDEEP

    196608:LNpPOUtciUC34iincKeQzOoCqmGOiLQTU63k3Zi:LNpPOvb44OovmGOYQP3cg

Score
9/10
evasionthemidatrojan

Malware Config

Targets

    • Target

      b6c7215db4bbed679898f514c3556d72d21fd510ba68021150a0450a11645d11

    • Size

      6.7MB

    • MD5

      39229076e5ac88365d2e8d99afa20bfe

    • SHA1

      b5438ca7b2fc1e50fa1c07c5c665c26865253416

    • SHA256

      b6c7215db4bbed679898f514c3556d72d21fd510ba68021150a0450a11645d11

    • SHA512

      1ceea0c6f885ec8904ce4fc677d0cc5f3a81cad0adf48544cd688bf846761b087a6c8e147304f046cccaf48b19bdd366871f054c26d16e7704c0eb2ec0e093d4

    • SSDEEP

      196608:LNpPOUtciUC34iincKeQzOoCqmGOiLQTU63k3Zi:LNpPOvb44OovmGOYQP3cg

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks